Agentifact assessment — independently scored, not sponsored.

MCP ServerFULL AUTO

WordPress MCP

WordPress REST API via MCP. Posts, pages, media, users, taxonomies.

✓ Our Verdict

Viable option — review the tradeoffs

Use Case

You need to give AI agents (Claude, etc.) structured, permission-aware access to WordPress content and operations without building custom integrations for each AI platform.

SolutionWordPress MCP exposes WordPress REST API capabilities through the standardized Model Context Protocol, letting any MCP-compatible AI client query posts, pages, media, users, and taxonomies with built-in permission checking via the Abilities API.

SetupInstall the MCP adapter plugin, register abilities you want to expose, create an MCP server instance via `create_server()` hook, and configure transport (HTTP or Streamable HTTP). For local development, run the local proxy (`mcp-wordpress-remote`). For WordPress.com, use OAuth2 registration and the `/wpcom/v2/mcp/v1` endpoint.

Reliable ability discovery and permission enforcement through WordPress' native Abilities API. The local proxy approach adds a translation layer (MCP protocol ↔ HTTP REST), which is robust but introduces a local process dependency. Response times depend on your REST API performance. Tools are exposed as discrete abilities (e.g., 'create post', 'get user info'), not raw API endpoints—this is cleaner for AI but requires upfront ability registration.

Solid (64/100) because it solves a real integration problem, but adoption depends on WordPress ecosystem maturity of the Abilities API and MCP client support.

Use Case

You're building an AI agent that needs to read and write WordPress content (posts, pages, media) with fine-grained permission control, not just query data.

SolutionMCP Adapter's Abilities Registry and REST Bridge let you define write operations (create, update, delete) with explicit schemas and permission scopes tied to API keys or user roles. The AI client calls these as MCP tools; WordPress validates permissions before executing.

SetupRegister abilities for the operations you need (e.g., 'create post', 'update media'). Use `AbilitiesRestBridge.php` as a reference to map REST controllers to ability definitions. Configure WooCommerce or custom transport with API key authentication and HTTPS enforcement.

Permission enforcement works as expected—API key scope and user role restrictions are enforced server-side. However, you must explicitly register each ability you want to expose; there's no auto-discovery of all REST endpoints. Schema validation happens at the ability level, not the REST layer, so you control what the AI can actually do.

Permission model is the strength here; the limitation is setup overhead for non-trivial use cases.

Limitation — major

Abilities API adoption still emerging

WordPress MCP relies on the Abilities API, which is relatively new (introduced early 2026). Core WordPress exposes only a handful of abilities ('core/get-site-info', 'core/get-user-info', 'core/get-environment-info'). Most plugins and themes don't yet register abilities, so you'll need to build custom ability wrappers for non-core functionality.

Prerequisite

Local proxy setup for non-WordPress.com sites

If you're not on WordPress.com, you must run `mcp-wordpress-remote` as a local Node.js process on the developer's machine. This proxy translates MCP protocol messages to HTTP requests and handles authentication header injection. It's a bridge, not a liability, but it adds a local dependency and requires Node.js.

Node.js@automattic/mcp-wordpress-remote

Caution

HTTPS enforcement on production

WooCommerceRestTransport (and likely other transports) enforces HTTPS in production. HTTP is allowed only for local development. If you deploy an MCP server without HTTPS, authentication will fail. Ensure your WordPress site has a valid SSL certificate before connecting production AI clients.

Trust Breakdown

64

Trust scoreCaution

AGENT

Autonomous workflow delegation

TRUST

Transparency & verification

INTEROP

Protocol compatibility breadth

SECURITY

Security controls & audit trail

DOCS

Documentation completeness

How these scores are calculated →

What It Actually Does

In Plain English

Lets AI agents read and manage WordPress content like posts, pages, and media directly through your site's API. Useful for automating publishing workflows or pulling content into other tools.

WordPress REST API via MCP. Posts, pages, media, users, taxonomies.

Fit Assessment

Not ideal for

✗plugin conflicts can break REST API responses

Known Failure Modes

plugin conflicts can break REST API responses

64

WordPress MCP

Caution · 64/100

Visit WordPress MCP

Score Breakdown

AGENT

Autonomous workflow delegation

TRUST

Transparency & verification

INTEROP

Protocol compatibility breadth

SECURITY

Security controls & audit trail

DOCS

Documentation completeness

Protocol Support

MCP✓

A2A—

A2H—

REST API✓

Agent-callable✓

Capabilities

Transaction capable—

ACP support—

Audit trace—

Pricing

Free

Related Concepts

Browse full Lexicon →

Related Categories

Ready to evaluate WordPress MCP in your stack?

FULL AUTO

Visit WordPress MCP